Summary | ZeroBOX

PO623473258-50465043274032859-543745439900112.exe

UPX PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 23, 2021, 4:35 p.m.
Completed: Aug. 23, 2021, 4:38 p.m.
Size: 180.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 59faa740c9efe54f967745118e4bc625
SHA256: cc3475b2350c1870d6a8b8134ef6b127d171b83c5f622cf2258010f8fc4b73fd
CRC32: D4FCE8AD
ssdeep: 3072:g+QdHKCuzOt/3i4g3JRNhkHaOLBQFUQur4r0nYzkIUX/UI8auCczUCJj8WYrk0ZI:lCHtiLNh2aO1QFUQur4r0nYzkIUX/UIa
Yara
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.

IP Address: 164.124.101.2  Status: Active  Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name: CUSTOM
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 2216
region_size: 73728
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00530000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003f0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
section .text: size_of_data 0x00026000, virtual_address 0x00001000, virtual_size 0x00025800, entropy 6.93810563429045
description: A section with a high entropy has been found
entropy 0.863636363636
description: Overall entropy of this PE file is high
Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Mucc.4!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.59faa740c9efe54f
McAfee: Artemis!59FAA740C9EF
Cylance: Unsafe
Alibaba: Trojan:Win32/Injector.a5046c01
Cybereason: malicious.976909
Cyren: W32/VBKrypt.AYY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.EPYS
APEX: Malicious
Paloalto: generic.ml
Kaspersky: UDS:Trojan.Win32.Mucc
Avast: FileRepMalware
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.ch
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Infostealer.R437774
BitDefenderTheta: Gen:NN.ZevbaCO.34088.lm0@aSRU@qai
SentinelOne: Static AI - Malicious PE
Fortinet: W32/EPYS!tr
MaxSecure: Trojan.Malware.300983.susgen
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_90% (W)